CVE-2023-53998Missing Synchronization in Linux

CWE-820Missing Synchronization7 documents6 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: hwrng: virtio - Fix race on data_avail and actual data The virtio rng device kicks off a new entropy request whenever the data available reaches zero. When a new request occurs at the end of a read operation, that is, when the result of that request is only needed by the next reader, then there is a race between the writing of the new data and the next reader. This is because there is no synchronisation whatsoever between the

Affected Packages4 packages

Linuxlinux/linux_kernel2.6.264.19.291+6
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxf7f510ec195781c857ab76366a3e1c59e1caae42241ef15776a7c8505008db689175b320d345ecd3+8
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-53998: In the Linux kernel, the following vulnerability has been resolved: hwrng: virtio - Fix race on data_avail and actual data The virtio rng device kicks2025-12-24
GHSA
GHSA-g2vv-m9x5-457j: In the Linux kernel, the following vulnerability has been resolved: hwrng: virtio - Fix race on data_avail and actual data The virtio rng device kic2025-12-24
OSV
hwrng: virtio - Fix race on data_avail and actual data2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: hwrng: virtio - Fix race on data_avail and actual data2025-12-24
Debian
CVE-2023-53998: linux - In the Linux kernel, the following vulnerability has been resolved: hwrng: virt...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-53998 Impact, Exploitability, and Mitigation Steps | Wiz